Roadmap
Phase 3: Enterprise Features
SSO, MFA, PostgreSQL, and SOC 2 Type I preparation.
Status: Planned | Target: Q3-Q4 2026
Phase 3 adds the enterprise features required for SOC 2 readiness and larger customer deployments.
Goals
- Enterprise authentication — SSO (SAML/OIDC) and MFA (TOTP/WebAuthn)
- Structured data — Migrate from in-memory/Temporal state to PostgreSQL
- Compliance preparation — Policies, procedures, and controls for SOC 2 Type I
- Enhanced security — EdDSA JWT signing, session management, RBAC expansion
Planned Work
Authentication & Authorization
- SSO integration (SAML 2.0 + OIDC)
- MFA support (TOTP via Google Authenticator)
- WebAuthn support (hardware security keys)
- AWS Cognito full integration
- EdDSA (Ed25519) JWT signing
- Session revocation and management
- Expanded RBAC (beyond admin/viewer)
- API key authentication for programmatic access
Database
- RDS PostgreSQL provisioning
- Schema design for deals, accounts, users
- Data migration from in-memory stores
- Connection pooling (PgBouncer)
- Automated backups with point-in-time recovery
SOC 2 Preparation
- Information security policy
- Access control policy
- Change management policy
- Incident response plan and playbook
- Risk assessment documentation
- Vendor management process
- Employee security training program
- Engage SOC 2 auditor for readiness assessment
Infrastructure
- Multi-AZ deployment for high availability
- RDS automated backups and encryption
- WAF (Web Application Firewall) on ALB
- VPC flow logs
- GuardDuty threat detection
Enterprise Auth Architecture
Success Criteria
Phase 3 is complete when:
- At least one SSO provider is fully integrated and tested
- MFA is available and enforceable per organization policy
- PostgreSQL is operational with automated backups
- All SOC 2 policies are documented and approved
- SOC 2 Type I readiness assessment is passed